Sample details: a4872e4fe84e5adcc49ba4c641547821 --

Hashes
MD5: a4872e4fe84e5adcc49ba4c641547821
SHA1: 38fbc212ba2fde3dc0d9f3e9fa27df1411604398
SHA256: 423dc1aaaed311349f9932a643a032d18f0589b97275b501a7a7f6955f5aac46
SSDEEP: 12288:TZvu1w8UMqVhbTeKaYJeI5qRXgVHEaeQPFWPxBSDWavW:A1w8dq3HdaYJv4CVmLBSDY
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/CRC16_table |
Source
http://altarek.com/mngytr56
http://altarek.com/mngytr56
http://basarteks.com/mngytr56
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
@.reloc
D$0"Mn
L$ v61
5;D$4w
L$H;D$4s
!=K=*B
Af;T$*
L$$-V8'N
L$x;D$T
T$p;D$L
D$d5B+
L$`#D$X
D$P5r,
+D$L3D$D
L$45U-b
LZ+D$L9D$,
D$,9D$,
system32\calc.exe
VXDwyDB1BPWtNc4qir5I.pdb
SetMessageExtraInfo
GetActiveWindow
LoadIconA
USER32.dll
GetMapMode
MaskBlt
GdiGetBatchLimit
GDI32.dll
memset
msvcrt.dll
GetProcessHeap
AllocConsole
GetWindowsDirectoryA
ExitProcess
GetEnvironmentStrings
GetUserDefaultLangID
lstrcmpiW
FreeEnvironmentStringsA
GetBinaryTypeA
IsSystemResumeAutomatic
GetSystemTime
KERNEL32.dll
CM_Get_Child
SETUPAPI.dll
ClearEventLogW
RegDeleteKeyW
ADVAPI32.dll
PathSkipRootW
StrToIntW
PathCombineA
SHLWAPI.dll
SCardCancel
WinSCard.dll
CertEnumPhysicalStore
CRYPT32.dll
KE8<:B
']#Qq2G
x&Sy$Y=
.GiO<]
.MDM!j
,!(-C?
^-%2A!8sS
x&Sy$H	K
a%q3)#
sq!4;Qg
ic~7I02
x&Sy$H	K
	^[j)4
'f[j)4
r.^["(3
0>2C~44
~]Xi(35
F0l)4CEv
[k)4EM
[*#tPnx
)rBnf+=
*F>ZR<+
+^YDpgj
?Yg	_9
gZ/VYC~+4
kc55ted
2>ZFs|3
pEhptC
Ejmg"j
A	*J-t
k)4~5*
:baj)4x
z\[z)4<
$*#`/O
z?Zi84I
KUmiJB
\+!9Ao
^[j,QD
=P_wYE
?bl<(J/
?nrB.@?
{A%pz?[j)
`[j(XMi
`[j\*&
EVaqaR
><Fr(y
`$OAL-
},Y4-K
mp*FN\")
zW[j*45
^[r)CwXmd
zW[l)45
z([j-4K
rd/4ik
)c]ZU4
]`(_Ri
Gbi(3PY
G4k)4M
Gli(3P
g	7|Xc
Gug(3P
G2j)4IT
$Px@.A
GDj)4M
Z-WMg	
G:h(3PY
G4s)4P
LGce(3M
R|g	7~
f(3P2r
4/Gd](3M
}g	7cj
k[j)4Pv
~g	4/GTj)4K
G,V(3e
Gmc(3P
Kg(3Pv
]Q/Bb~
S!4=^]U
hp0>(D
ZI~RdG
bGtm)4P
G-a(3DMr
SJ0>ZF
-[DS-4
7|~[U+
G+j)4P
g	4f^F6
,=4Pxrp
Z0/Bf|
G[i(3Pv
G0j)4P
G!h(3P
,bRi5'k
Yi(CDJ
Grk)4P
GIg(3M
"F@Y(3Px
GWj)4I}
4>jDk(3
Z0/B$}
^j)o5qr
zJ'j)4Pv
V|g	48
GMl)4P
G0t)4CJ&
G(u)4M
g	m>Z`S
G^~)4P
Gw^(3P
t)4Pv!
	G[Z(3P
]P/Bwo
G#f(3P
Sh(3Pv,
GPg(3M
Gki(3M
GSh(3P
FP(ePx
n>VOWp4Px
g	n>Vg2p4Pv=
gFj(It-)
YJIMi>
Gai(3M
n>VOWp4
n0Px:3c
,bRi{$
n>VOWp4Px
YRil'E
9RAWcO
fGS07I
Sw1>nF
S'2>fF
,kRiM'
G6g(3P
Gyh(3I
S(7RIp
SI2;fD')4
Gti(3P
Gsi(3P
*qrcU9
9Z9/D>
Gil)4M
Gjk)4P
G"j)4P
]Q/Bu~
G\l)4M
Gdk)4I
Ggh(3M
i_LS(n9rbj)4Px
(DPxt3
G!k)4P
2HbDr,4
0]Zif2
S-4f^F
,kRi1'
G#l)4M
G3f(3P
0vnD]*4
Z0/Bx~
#h(3Px6
Gvh(3K
	Gfi(3P
Ril	~O
g	7n D
S1726D
FrD*,4
[j)CBq
2>nDA24
!aj)CB
Gug(3P
G!d(3M
Gw^(3C
GSh(3P
4I_F`y
i-_iST*>nc
Gik)4M
g	2N6D
k[j)4Pv
,kRia$
Kg(3Px
(^NYi(3Px
O	XRgm
g	4f^FU
2FnDF)4
Z0/B3}
G]})4P
+f(3Pvl
F@](3Pv
b(3PS'
i(3Pv_
G`m)4PS'
`?p/B2z
d(3PTg
GSk)4P
o)4MJ	
^i(3Pv
xg	m>Zb
+G#j)4
_](3PvE
G`R(3P
g	7|V^S+
Y(3PTgo
G&W(3P
xg	4/G|\(3
Z9/B"}
G^t)4P
R^j)CwV
]	4*Rg
G6g(3M
rvg	n>*
Go_(3PvP
G/k)4P
GUt)4IUr
GKl)4P
Gmn)4P
VNDA04
G<m)4P
GDk)4M
Ggd(3P
|g	7PG
G>p)4M
4~"Yi(
7s)4Pv
4FNDT,4
]J/BSy
Gjh(3PS'
Guk)4P
GTk)4K
k)4Pu!4
]}ciRi
GIn)4P
GZm)4P
YR}<[l
G<z)4P
Ch(3Pv
Gqp)4M
Gb[(3P
sg	7OGsf(3P
F0m(3PvZ
h(3Pvm
4PxH0:
,bRih'
k4PxB3K]
m>Z\Sh2
WG7u)4M
A^Dm$3
X'3PvX
Gn})4P
gGz{)4PS'
Gf_(3M
BGR`(3M
GVc(3M
Uxg	n>
GWY(3P
Gmh(3M
GTh(3M
S)7RI4
Z0/B>}
|JwSO5
pn>F[o
G#g(3M
G|h(3P
Z9/B/{
XRin'O
g	2vfDI'3
G j)4P
Sjn>2\j)4Px=3
ffo@Z7
>->l1Q
GHf(3P
]X/B*|
\ZU?35
GUj)4P
oPE"zB
p0>2D|*4
![j)CE
h(3Pvv
g	7|\^S
-Ri_`l
	G]i(3M
5cDx,4
Gbh(3M
G{q)4P
4F&D-'3
GJk)4PT'
^[0n ;
G9f(3PT'
Gyn)4P
GJn)4&
3aVGmD
]GAg(3P
[r)4Px(0h
GTh(3P
*Yb[U)
2[j)35
Z9/D2E
Gvk)4M
IGYh(3M
1n,,f)
Fj(I\.)
jOgYs1X-
n@Px233
1n,,f)
G%3PxC
n>Vg2p4PxY3e
i_LS!7B
G#j)4P
*FPY(3Pv
,YRi)'
S!7*'Fq
S24/I:
k[j)4PvG
Ggi(3P
Goi(3Cy
GVz)4M
]J/Bn~
MG5q)4
#Cp4Pv2
,Y]ZiI
G(f(3P
Gd`(3P
m)4I}r
Snn~6Yi(
T'#iA)
wg	7IG
Gca(3P
k[j)4Pv
zng	4/
#Cp4Pv
c(3PTg
Gsi(3I
.Z9/Bm
Ghi(3P
Z0/Bsx
YRix'O
2>nD8)4
zZi(35
G$t)4P
G o)4P
JGGn)4a
4~WYi(
G<n)4P
G2\(3P
wg	*^F[
G?k)4P
G`g(3P
 vzg	7
2<nDc$3
i&3PxJ
Gnl)4P
S72?bFa 3Pv
,a]ZiW
48GHk)4M
g	4/G^f(3
7d0wSg3
f(3PT''
SD7nbFO
h(3Pvj
n&s0f	
G.g(3P
p0~6Yi(
Gt\(3P
n&[~f	
_(3&8r
7QG9g(3M
n&[be	
G6x)4P
gp0~8Xi(
GBX(3M
LGqh(3P
 ng	7QGTg(3
~g	7RG
GV[(3P
GGr)4*
G)^(3P
GHt)4M
Z0/BH{
n&[Bf	
G{k)4*
G%Y(3P
iig	7QG0J(3P
,tRgP{
xg	7QG
]`JB~[
M(3PvgS
Z9/BK5
sZ(3Pv
Z6yg	7
7QG=d)4M
n&[|M	
"B\g	7
'`(3PvO
n&[|T	
]R/Brf
p0~jIi(
R(3Pv~)
p0~pAi(
p0~lXi(
EY(3Pv
GA$)4&
n&[BV	
sh(3Pv
"~ug	7
GEz)4M
mhg	7_	D
G9P(3M
G'U)4M
Z0/Bes
p0~HBi(
J(3PvG
7]/BB+
n&[@Z	
"@ug	7
B(3Pvd
G=1)4P
n&[L\	
GU?(3P
+B(3Pv
ZNpg	7
n&[4c	
,tRg0;
]R/B(v
hp0~NFi(
,bRg`}
Y(3Pv.
GD#(3P
QG\7(3P
*f_g	7
GL;)4P
o*4MJ6
")4MJJ
W(3Pv.
n&[dY	
p0~PEi(
"0hg	7
n&[T^	
W(3Pv{
?F(3Pv
<(3PvD\
~1	l@#	
0~R7i(
q[(3Pv
N(3Pv%
qh(3Pv
O\tqsz
,YRg$3
 g	4/Gbb(3&
G4P)4&8
#Q(3Pv
G.P)4P
Z9/B</
qG6o)4P
hp0~&Fi(
uQ(3Pv'1
c|g	7Q
O(3Pvx
X(3Pv%
Gfy*4P
GFY)4M
n&[DL	
GZJ(3&
"Z~g	7
hG""(3*
`(3Pv$
p0~8Ei(
GMl)4&8r
"vyg	7
GOg(3P
"Fhg	7
4f^DLn4
n&[te	
""|g	7
i)4&8r
p0~BWi(
n&[xa	
Gw3(3I
}b(3Pv` 
4f^DBk5
n&[t_	
!e(3Pv	
7Y(3Pv/_
,tRgTZ
"$}g	7
#)4IUr
0~J4i(
2Zqg	7
g	7QG:
"<sg	7
"^lg	7
Z0/BPL
p0~D?i(
n&[`a	
3vg	48G
qvg	7_
gp0~pPi(
G=*)4P
n&[*_	
p0~xKi(
GYD)4M
"~og	7
]R/BP%
oU(3Pv
qU(3Pv
Z9/Btk
g	48GO
n&[dP	
O\}q	s
n&[.S	
-_tQt(
g	0~R3i(
-&g	4/G
G	|(3&
G1v*4P
G5\(3P
n&[jV	
pGB.(3P
"Fzg	7
=R(3Pv
n&[0P	
p0~nDi(
GQy)4&
_	D=Q4
hp0~:Ei(
*Ntg	7
n&[rZ	
GJv*4*
7_	D&v4
G"f(3P
e(3PvI
(!Rg#.
"^ig	7
qGZS(3P
p0~jBi(
gp0~NBi(
W(3PvH3
G]6)4P
G>e'3M
ZGO*)4IUr
0~j8i(
Z^og	7
Go\'3M
n&[^^	
Z0/B'8
^g	7_	
GnJ'3M
n&[lU	
G"W'3&8
?A(3Pv
^G3>'3P
G!%'3P
p0~XFi(
,tRgxy
Gnh'3P
n&[BQ	
n&[@T	
GkB'3P
]R/B/z
Gq-)4*
]R/B(s
p0~,Ki(
[S(3Pv
4/Gm((3
""gg	7
GhJ'3*
*Veg	7
"fkg	7
/W(3Pv
h(3PvAn
7QGf-'3IUr
{mg	7*
d(3Pv?2
gp0~BUi(
n&[F\	
g	0~*9i(
n&[<a	
p0~0Ei(
Gxx)4M
p0~nBi(
eg	4/G
G1l(3P
7=(3Pv
G\"'3IUr
N(3Pv1V
wb(3Pv
n&[dV	
7QGin)4M
^(3Pvs
p0~FVi(
G%Z'3P
g	48G@
"Pxg	7
"nog	7
nHfmYG
h(3Pve
g	7_	D]
n&["^	
hp0~DEi(
p0~FGi(
p0~JFi(
_	D8u3
f	4f^D
*rwg	7
"pmg	7
d(3Pv<5
p0~vQi(
,bRg|{
Rrg	7_
Z@hg	7
r	fm:g
0~Z;i(
Vg	4f^DN
G7%'3*
"^pg	7
,bRg;G
p0~6Ai(
GIy(3P
qG_1(3I}r
2Bng	7
P,f	7_
`Xg	7QGnt(3P
K_(3Pv\
(!RgR%
WM(3Pv>
Gal(3P
]R/B!	
c(3Pvw~
gp0~TNi(
upf	7_
2lf	7c
_G%]'3P
"Nug	7
g	4/GUS'3P
n&[v[	
0~2:i(
ZF{g	7
Z9/Byu
GO5'3P
GiC'3M
(!Rg[[
Z0/B#u
0g	48Gn
"Rtg	7
n&[\d	
gp0~hBi(
"\ug	7
".jg	7
ff	48G
Brg	4f^D
n&[~f	
sig	4f^D
"nlg	7
`pf	48
g	7_	D
n&[Xb	
n&[,e	
?Of	7_	D@
G>r'3P
/U(3Pv
Z9/haN
i+omg7
SA0AbFw
I^,14P
cRiO0no
Id,-4P
,YRi_<n
n)4PvY
G^k)4P
]Zi>la
]nNB9|
n>Foj)4
iRi}cO
S+4f^F
Ggk)4M
G<j)4P
k[j)4Px
k[j)4Px
v(Px43
(JRir'
	zD:'3
g	48Ib
h(3EMr
LGmi(3P
j)4PPr0
G=j)4Pu
g	7|${S
1GAj)4
GHj)4IT
G1j)4P
F]Zid{
Gwi(3P
S27RIb
]Z,54P
Sh7c^F}
4f^DQ)4
G}i(3E
GIh(3PY
nfD;)4
,bRfu*|
S6*?b#
i(3Pv 
S(7JIB
Gwk)4P
]Y/B z
yRia'O
G^i(3P
Z0/D.@
G[l)4PuA_
"6D;,4
i(3IUr
g	7JIO
]Z,-4Pxs0:
Grk)4P
GCj)4K
Gqm)4P
"6Dx*4
g	7*'F
'WZiMHPv
4/GTc(3
G,d(3P
\j)35q
G_k)4$
Gkl)4M
}_j)35
Zl)4Pv
GDs)4M
|Zi(CE
G_s)4P
G[n)4Y
G.c(3P
G`l)4M
G"j)4P
Gdd(3K
Glk)4x%
g	7|XsU)
jPx	0:]
_SM7"$F4
G/n)4P
GAh(3K
uC	sv	
\Zib&Px
^[jb,Pv
[U9Cv^r
ifMS17nT
]	UTRg
g	4:jD
G1c(3P
G1k)4P
Gbk)4M
GWg(3K
Gal)4P
	U+Rg}
Gzf(3M
f[j\h}U
h=_y^[j
Gg`(3M
G/h(3K
A^DV!3
eg	2NZD
^@i(Cvhr
]	U4Rgns
Oi(Cv_r
GZi\pUU
~(Pv${
hg	7,j
G{l)4&
kk)4Pvf
GJl)4M
GZm)4M
kk)4Px
"#D;,4
GIl)4M
G"l)4M
GNh(3P
T|g	4f^
M	_[j)
$Px>0:]
DS]7PG
e\j)CDq
\Zib,Pv
Gds)4P
G;k)4M
GAk)4M
Z0/Bg{
"zg	7c
]M/Biy
n$Px^0@
2FjDR)4
GTq)4P
G7o)4P
G_n)4P
G(h(3M
Gfh(3P
k)4PF"
G\k)4PP
j)4P2r
m)4PTg
lGef(3
g	7LG`g(3PTg
G)h(3P
}g	4f^
lZ0/D 
n+uF3p
G	b5c	
G	b5c	
n+uF3p
n+uF3p
n+uF3p
m^[U+}.
g^[X)y.
l^[=*{%
^^[>+|%
	nkj)4
	nkz9D
a {9~9i
9^[:)4
Y^[Z)4
Ev5^[j
Ia[~)4
Q`vy$tG
SDyAt 
{rsmxa>
oxKf4m
r0(Z@H
 6t5}V
r"w"'wr
'"wr'r"r"w"'w"'
r"'r"'r'
wr"w"'w"'wr
"rw'w'wrwrwrwrwrwr
'w'wrw'
'wrwrw'w'w'
w'wr"'w'
wrwrw"w
rw"wrw'w'
r"'wr'wr'
'wrw"'
'"wr'r
rwr'rwr'rw
rw'rw'wrwr
$r"w"'wr"r'"r"w"'r'
wr'w"'r"r'r
'"w"'"r'w"w"
"wr"r"w
&"w"'wr"r'"'w"wr"r'"
w'rw'r
w'w'rwrw'r
wrw'rwrwrw'rw'
w'w'wrwrw'rw
'rw'w'r'w'rw
'rw'w'r
w'w'wrwrw'rw
r"'rw'
w'w'r'
w'r'wrw'r
w'rw'r
'rwr"w"rwr
rwr"w"
$'wr'"wr"w"r"r'"w"r
"w"rwr
wr"w"'r
("'r'"w"rw"w"w"rwr"w"
r'"r'"wr
r'wr"w"'
w"'r"wr
w"w"r"r'
"pwpwpw
pwpwpw
4pwpwpw
pwpwpw
pwpwpw
pwpwpw
P%@Fpg`
ftGd$T
uJTZ7j
n6~UNt^
Qkkbal
United Kingdom
Special Graphics
Multinational
British
French
French-Canadian
German
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
    version="5.1.0.0"
    processorArchitecture="x86"
    name="Microsoft.Windows.Shell.HyperTerminal"
    type="win32"
<description>HyperTerminal</description>
<dependency>
    <dependentAssembly>
         <assemblyIdentity
             type="win32"
             name="Microsoft.Windows.Common-Controls"
             version="6.0.0.0"
             processorArchitecture="x86"
             publicKeyToken="6595b64144ccf1df"
             language="*"
        />
    </dependentAssembly>
</dependency>
</assembly>
2(242K2
4=4G4W4
4^5g5w5
:7=V=q=~=
0<0\0|0
1<1\1|1
2<2\2|2
3<3\3|3
4<4\4|4
5<5\5|5
6<6\6|6
7<7\7|7
8<8\8|8
9<9\9|9
:<:\:|:
;<;\;|;
<<<\<|<
=<=\=|=
><>\>|>
?<?\?|?
0<0\0|0
1<1\1|1
2<2\2|2
3<3\3|3
4<4\4|4
5<5\5|5
6<6\6|6
7<7\7|7
8<8\8|8
9<9\9|9
:<:\:|:
;<;\;|;
<<<\<|<
=<=\=|=
><>\>|>
?<?\?|?
0<0\0|0
1<1\1|1
2<2\2|2
3<3\3|3
4<4\4|4
5<5\5|5
6<6\6|6
7<7\7|7